[syslog-ng] "Illegal seek" with file("/proc/net/xt_recent/violators")

Valentijn Sessink valentyn at blub.net
Fri Sep 6 17:43:04 CEST 2013


On 04-09-13 14:40, Gergely Nagy wrote:
> This has been fixed in 3.4's git tree, and will be part of 3.4.4
> release.

I tried it, but it doesn't seem to help. There's something weird about
the xt_recent.c file handling. I tried to understand it's source, but I
couldn't find out. It seems that *loff is different from  file->f_pos,
and can't be simply changed with lseek().

Bottom line is, that although *loff should be 0, an lseek() will not help.

So I kindly suggest: please revert any changes that you made to
accomodate to this /proc thing - they are of no use, at this moment.

For now, xt_recent should be written with single lines only,
open()-write()-close() and repeat. Even using program("cat > ....")
doesn't work correctly; it will write the first IP address, then fail
with the second, bail out, and syslog_ng will start another cat to write
the next IP-address.

"most proc files support only one-shot writes" is what I learned from
someone at #kernelnewbies, so that's probably the final word on this.

I think the best thing is using some sort of piping program in between;
I'm not sure what I'm going to use - should any of you readers have a
good idea, please say so.

After a couple of days of trying to grasp xt_recent.c in combination
with syslog-ng file() - without avail :-( - I'm going to have a beer.
That won't help my logging, but it will help my mood! Happy friday
afternoon, dear fellow Europeans ;-) and have a nice weekend for all of you.

Best regards,

Valentijn


More information about the syslog-ng mailing list